<?php
require './sqlpdo/leadInto.php';
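// Login endpoint: reads UserName, Password, Version, step and logintime through
// the project's sget() helper and answers with a pipe-delimited status string.
//
//   step 1 -> credential check, login bookkeeping, direct-login URL in the reply
//   step 2 -> counts login-log rows for the user since the supplied logintime
//
// NOTE(review): every statement below is assembled by string concatenation and
// handed to the sqlfun wrapper as finished SQL. The only screening is check(),
// a character blacklist, which is not a substitute for bound parameters. If the
// wrapper (./sqlpdo/leadInto.php, not visible here) exposes prepared statements,
// $user and the values read back from $row should be passed as parameters.
// This block only closes the two inputs that previously reached SQL with no
// screening at all: logintime and the header-derived client IP.
$sqlfun = new sqlfun();
$user = sget('UserName');
$psw = sget('Password');
$banben = sget('Version');
$step = sget('step');
$login_time = sget('logintime');

// check() returns "ok" when a value is empty or contains a blacklisted token,
// so "ok" here means "reject the request".
if (check($user) == "ok" || check($banben) == "ok" || check($step) == "ok") {
    echo "1|";exit;
} elseif ($step == '1' && check($psw) != "ok") {
    // NOTE(review): unsalted md5() is not suitable for password storage. Moving
    // to password_hash()/password_verify() needs a migration of the stored
    // hashes, so it is flagged here rather than changed.
    $sql = "select u.id,u.username,u.truename,u.`password`,u.`status`,r.title,u.`validity` from ean_user AS u LEFT JOIN ean_auth_group AS r ON u.role_id = r.id where u.username='" . $user . "' AND u.`password`='" . md5($psw) . "' AND u.flag = 1";
    $row = $sqlfun->getOne($sql);
    if (!checkArr($row)) {
        echo "1||";exit;
    } else {
        if ($row['status'] == '2') {// account disabled
            echo "3||";exit;
        } else {
            $time = time();

            // get_real_ip() can return the raw Client-IP / X-Forwarded-For
            // header, which the client controls. Only a syntactically valid
            // address may be written into the statements below; anything else
            // falls back to the socket peer address (or an empty string).
            $ip = get_real_ip();
            if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
                $peer = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
                $ip = (filter_var($peer, FILTER_VALIDATE_IP) === false) ? '' : $peer;
            }

            // The UPDATE uses the id unquoted, so it is forced to an integer
            // before it is placed in either statement.
            $uid = (int) $row['id'];

            $sql = "UPDATE ean_user SET last_login_ip='" . $ip . "',last_login_time='" . date('Y-m-d H:i:s', $time) . "' WHERE id = " . $uid;
            $sqlfun->update($sql);
            // NOTE(review): $row['username'] comes back from the database and is
            // concatenated again here; it should be a bound parameter as well.
            $sql1 = "INSERT INTO ean_user_log (uid,uname,login_time,login_ip) VALUE ('" . $uid . "','" . $row['username'] . "','" . $time . "','" . $ip . "')";
            $sqlfun->insert($sql1);
            // Direct-login URL.
            // NOTE(review): this URL carries the MD5 of the password in its query
            // string, is sent over plain http://, and takes its host from the
            // client-supplied Host header. It appears to work as a login
            // credential, so it will end up in browser history, proxy and server
            // logs. A short-lived, single-use server-side token and a configured
            // host name would remove that exposure; changing it alters the client
            // protocol, so it is only flagged here.
            echo "7|" . $time . "|" . $time . "|http://" . $_SERVER['HTTP_HOST'] . "/admin/user/urlLogin.html?username=" . $row['username'] . "&password=" . md5($psw) . "#" . $row['title'] . '[' . $row['truename'] . ']';exit;
        }
    }
} elseif ($step == 2) {
    // logintime was concatenated into the query without any screening. The
    // log rows written in step 1 store time() in login_time, so the value is
    // presumably a Unix timestamp (confirm against the client) and is forced
    // to an integer here.
    $since = (int) $login_time;
    $sqll = "select count(*) from ean_user_log where uname='" . $user . "' and login_time >='" . $since . "' order by login_time desc";
    $num = $sqlfun->selectNum($sqll);
    // "8" when more than one log row exists since $since, otherwise "7".
    if ($num > 1) {
        echo "8";exit;
    } else {
        echo "7";exit;
    }
}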

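/**
 * Best-effort client address for logging.
 *
 * Candidates are taken from the Client-IP header, then from the entries of
 * X-Forwarded-For, and finally from REMOTE_ADDR. When X-Forwarded-For is
 * present, the first candidate that is a valid, non-private address wins.
 *
 * Both headers are supplied by the client unless a trusted reverse proxy
 * overwrites them, so the result is only suitable for logging and must not
 * be used for access decisions. Every header value is validated as an IP
 * address before it is returned, because callers in this file concatenate
 * the result into SQL.
 *
 * Changes from the earlier implementation: eregi() no longer exists in
 * PHP 7+, and its pattern used the box-drawing character "│" where "|" was
 * intended, so the private-range test never matched.
 *
 * @return string A syntactically valid IP address, or REMOTE_ADDR
 *                ('' when that is not set).
 */
function get_real_ip()
{
    $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $clientIp = empty($_SERVER['HTTP_CLIENT_IP']) ? '' : trim((string) $_SERVER['HTTP_CLIENT_IP']);

    // Without X-Forwarded-For the Client-IP header is used as before, but
    // only when it really is an IP address.
    if (empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        return (filter_var($clientIp, FILTER_VALIDATE_IP) !== false) ? $clientIp : $remoteAddr;
    }

    // Split on the comma alone and trim, so "a,b" and "a, b" are both handled.
    $candidates = explode(',', (string) $_SERVER['HTTP_X_FORWARDED_FOR']);
    if ($clientIp !== '') {
        array_unshift($candidates, $clientIp);
    }

    foreach ($candidates as $candidate) {
        $candidate = trim($candidate);
        // Rejects anything that is not an IP address and skips private ranges
        // (10/8, 172.16/12, 192.168/16), which is what the old pattern aimed at.
        if (filter_var($candidate, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE) !== false) {
            return $candidate;
        }
    }

    return $remoteAddr;
}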

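/**
 * Blacklist screen applied to request values before they are concatenated
 * into SQL elsewhere in this file.
 *
 * The return values read the opposite way round from their names:
 *   "ok" - the value was REJECTED: it is empty, or contains a single quote,
 *          a semicolon, the typographic quote "‘", or the word "union"
 *   "no" - nothing on the blacklist was found
 *
 * The "union" test is now case-insensitive; SQL keywords are not
 * case-sensitive, so matching only the lowercase spelling missed "UNION".
 *
 * NOTE(review): a blacklist cannot make concatenated SQL safe. It does not
 * consider backslashes, double quotes, comment markers or other keywords.
 * Treat this as a coarse input filter only and move the queries to bound
 * parameters.
 *
 * @param mixed $str Value to screen (callers pass request parameters).
 * @return string "ok" when the value is rejected, "no" otherwise.
 */
function check($str)
{
    // Loose comparison kept on purpose: null and false count as empty too.
    if ($str == '') {
        return "ok";
    }

    foreach (array("'", ";", "‘") as $forbidden) {
        if (strpos($str, $forbidden) !== false) {
            return "ok";
        }
    }

    if (stripos($str, "union") !== false) {
        return "ok";
    }

    return "no";
}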

?>

